In another recent attack on DeFi platforms, a crypto-private project identified as ShadowFi has suffered exploitation by hackers. The exploitation, which claimed about $301,000, became public after famous blockchain security firm Peckshield raised the alarm. ShadowFi confirmed the attack via its Twitter page.
According to ShadowFi, the attacker drained its liquidity pool contract leaving it at $0. Peckshield disclosed that the SDF token’s vulnerability contributed to the protocol’s exploitation. This vulnerability aided the burning of the token; it allowed anyone to carry out the burning without prior approval.
Further, Peckshield added that the hacker drained about 1,078 $BNB, equivalent to $301k. The blockchain security firm identified the hacker as NeorderDAO. The firm cited that the hacker’s name is recorded in its internal database.
Should Tornado Cash be permanently discontinued?
Peckshield disclosed that the hackers wired the stolen funds to Tornado Cash. Tornado Cash is doing more harm than good to the crypto sector. Hackers have employed the secrecy app to wire funds from hacked platforms in different cases. With Tornado Cash, it isn’t easy to trace the path of stolen funds.
Since its creation in 2019, the app has facilitated the laundering of more than $7 billion from numerous crypto platforms. Notorious North Korea base hacking group Lazarus group has employed Tornado Cash on different cases to wire more than $455 million. Also, Tornado Cash aided hackers in stealing about $96 million from Harmony Bridge. Similarly, the secrecy app aided Nomad’s wiring of $7.8 million.
The incessant use of Tornado Cash incurred its ban by the U.S Treasury Office of Foreign Assets Control (OFAC) last month. OFAC bemoaned how the secrecy app has contributed to the attack on numerous crypto platforms. The ban compelled notable outlets to disconnect Tornado cash from their server. Despite the strict restrictions, Hackers still use the tool to wire funds.
Meanwhile, when the OFAC first announced the ban on Tornado Cash, a part of the crypto space kicked against the move. These resulted in heavy criticism for firms that heeded the calls of the OFAC by disconnecting the use of Tornado Cash. Now, the continuous use by hackers has justified the move of the OFAC to blacklist the secrecy app.
Alarming Rate Of Exploitation On DeFi projects
The recent attack on ShadowFi should attract the attention of stakeholders in the crypto space about the increasing attack on DeFi. Last month, Peckshield reported that hackers stole about $208.5 million from DeFi platforms. According to the firm, the figure doesn’t contain the attack on Acala Network.
This figure is quite alarming for the crypto space. Just two days into the month, hackers have attacked two DeFi platforms. Stakeholders and regulators must work together to foster an excellent way to protect investors’ funds.